Transition PostgreSQL persistent storage on docker to modern docker storage only


With the advent of docker volume create for storage only containers, I'm still using the old way for running postgres on my machine for small applications without a dockerfile:

# MAKE MY DATA STORE
STORAGE_DIR=/home/username/mydockerdata/pgdata
docker create -v $STORAGE_DIR:/var/lib/postgresql/data --name mypgdata ubuntu true

# CREATE THE PG
docker run --name mypg -e POSTGRES_PASSWORD=password123 -d -p 5432:5432 --volumes-from mypgdata library/postgres:9.5.4

# RUN IT
docker start mypg
# docker stop mypg

I have 4 questions:

  1. How could I move the old way to store my data in a local, persistent container to modern volumes?
  2. The permissions my way have always seemed whacky:

       $ ls -lah $STORAGE_DIR/..
       drwx------ 19 999 root 4.0K Aug 28 10:04 pgdata

     Should I do this differently?
  3. Does my networking look correct here? This will be visible only on the machine hosting docker, or is this also published to all machines on my wifi network?
  4. Besides the weak password, standard ports, default usernames, for example here, are there other security fears in doing this for personal use only that I should be aware of?

Solution

    1. Create a new volume and copy the data over. Then run your container with the new volume definition.

      docker volume create --name mypgdata
      docker run --rm \
        -v $STORAGE_DIR:/data \
        -v mypgdata:/datanew ubuntu \
        sh -c 'tar -C /data -cf - . | tar -C /datanew -xvf -'
      docker run --rm -v mypgdata:/data ubuntu ls -l /data
      
    2. The permissions are normal. UID 999 is the postgres user that the postgres image creates.

    3. Port 5432 will be accessible on all your docker host's interfaces. If you only want it to be available on localhost, use -p 127.0.0.1:5432:5432

    4. Moving to listening on localhost mitigates most security issues, until someone gains access to your docker host. General security is a bit too broad a topic for a dot point.
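
A check for point 3 of the answer, added here as an example and not part of the original answer: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists every published port bound to all host interfaces rather than to 127.0.0.1. The function names and the sample container names other than mypg are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag published ports that listen on every host interface.
# Input: lines of "name<TAB>ports", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Print "name<TAB>mapping" for each mapping bound to 0.0.0.0 or the IPv6 wildcard.
find_wide_open_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published ports contain "->"; a bare "5432/tcp" is
            # exposed inside Docker but not mapped to a host port.
            if (m !~ /->/) continue
            # 0.0.0.0 is the IPv4 wildcard; ":::" and "[::]:" are the two
            # spellings of the IPv6 wildcard used by different Docker versions.
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/)
                printf "%s\t%s\n", $1, m
        }
    }'
}

# Constructed sample: the question's -p 5432:5432 container, a container
# started with -p 127.0.0.1:5432:5432, and one with no published port.
sample_ps_output() {
    printf 'mypg\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n'
    printf 'mypg-local\t127.0.0.1:5432->5432/tcp\n'
    printf 'mypg-internal\t5432/tcp\n'
}

# Against a live daemon:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_wide_open_ports
sample_ps_output | find_wide_open_ports
```

Any line it prints is a port reachable from other machines on the same network unless a host firewall blocks it.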